
6 matches found

NVD
added 2025/07/14 9:15 p.m. · 4 views

CVE-2025-53818

GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...

CVSS 9.3 · EPSS 0.01845
Exploits: 0 · References: 4

CVE
added 2025/07/14 8:30 p.m. · 25 views

CVE-2025-53818

CVE-2025-53818 affects the GitHub Kanban MCP Server. Version 0.3.0 is vulnerable to a command-injection flaw in the MCP Server’s add_comment tool, which uses Node.js child_process.exec and concatenates user-supplied input with the gh command. This unsafe usage can lead to remote command execution...

CVSS 9.3 · AI score 7.3 · EPSS 0.01845
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 10:34 a.m. · 9 views

CVE-2024-52810

@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the globa...

CVSS 6.9 · AI score 7.8 · EPSS 0.00103
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/07 12:0 a.m. · 2 views

PT-2025-19349 · Npm · Js-Object-Utilities

Vulnerability type: Prototype Pollution Affected Package: Product: js-object-utilities Version: 2.2.0 Remedy: Update package to version 2.2.1. Vulnerability Locations: js at module.exports /node modules/js-object-utilities/dist/set.js:16:29 Description: The latest version of js-object-utilities...

CVSS 8.3 · AI score 7.7
Exploits: 0 · References: 4

Cvelist
added 2025/03/07 3:51 p.m. · 19 views

CVE-2025-27597 Vue I18n Prototype Pollution in `handleFlatJson`

Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the...

CVSS 9.3 · EPSS 0.00181
Exploits: 0 · References: 2

The Hacker News
added 2025/01/29 4:56 p.m. · 20 views

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a...

AI score 7.2
Exploits: 0